diff --git a/changelogs/fragments/win_domain-cred.yaml b/changelogs/fragments/win_domain-cred.yaml
new file mode 100644
index 0000000000..b174d20466
--- /dev/null
+++ b/changelogs/fragments/win_domain-cred.yaml
@@ -0,0 +1,3 @@
+bugfixes:
+- win_domain - Fix when running without credential delegated authentication - https://github.com/ansible/ansible/issues/53182
+- 'win_domain - Do not fail if DC is already promoted but a reboot is required, return ``reboot_required: True``'
diff --git a/lib/ansible/modules/windows/win_domain.ps1 b/lib/ansible/modules/windows/win_domain.ps1
index 4039c360f8..a978fccec3 100644
--- a/lib/ansible/modules/windows/win_domain.ps1
+++ b/lib/ansible/modules/windows/win_domain.ps1
@@ -71,8 +71,10 @@ if (($forest_mode -ne $null) -and -not ($forest_mode -in $valid_forest_modes)) {
 
 $forest = $null
 try {
-    $forest = Get-ADForest $dns_domain_name -ErrorAction SilentlyContinue
-} catch { }
+    # Cannot use Get-ADForest as that requires credential delegation, the below does not
+    $forest_context = New-Object -TypeName System.DirectoryServices.ActiveDirectory.DirectoryContext -ArgumentList Forest, $dns_domain_name
+    $forest = [System.DirectoryServices.ActiveDirectory.Forest]::GetForest($forest_context)
+} catch [System.DirectoryServices.ActiveDirectory.ActiveDirectoryObjectNotFoundException] { }
 
 if (-not $forest) {
     $result.changed = $true
@@ -113,13 +115,24 @@ if (-not $forest) {
         $install_params.ForestMode = $forest_mode
     }
 
-    $iaf = Install-ADDSForest @install_params
+    $iaf = $null
+    try {
+        $iaf = Install-ADDSForest @install_params
+    } catch [Microsoft.DirectoryServices.Deployment.DCPromoExecutionException] {
+        # ExitCode 15 == 'Role change is in progress or this computer needs to be restarted.'
+        # DCPromo exit codes details can be found at https://docs.microsoft.com/en-us/windows-server/identity/ad-ds/deploy/troubleshooting-domain-controller-deployment
+        if ($_.Exception.ExitCode -eq 15) {
+            $result.reboot_required = $true
+        } else {
+            Fail-Json -obj $result -message "Failed to install ADDSForest with DCPromo: $($_.Exception.Message)"
+        }
+    }
 
     if ($check_mode) {
         # the return value after -WhatIf does not have RebootRequired populated
         # manually set to True as the domain would have been installed
         $result.reboot_required = $true
-    } else {
+    } elseif ($null -ne $iaf) {
         $result.reboot_required = $iaf.RebootRequired
 
         # The Netlogon service is set to auto start but is not started. This is